37 lines
1.1 KiB
YAML
37 lines
1.1 KiB
YAML
---
|
|
# Install the 2FA packages and setup the config in PAM and SSH
|
|
- name: Install google authenticator PAM module
|
|
apt:
|
|
name: 'libpam-google-authenticator'
|
|
state: present
|
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
|
|
|
- name: Install google authenticator PAM module
|
|
yum:
|
|
name: 'google-authenticator'
|
|
state: present
|
|
when: ansible_os_family == 'RedHat' or ansible_os_family == 'Oracle Linux'
|
|
|
|
- name: Add google auth module to PAM
|
|
pamd:
|
|
name: 'sshd'
|
|
type: 'auth'
|
|
control: 'required'
|
|
module_path: 'pam_google_authenticator.so'
|
|
|
|
- name: Remove password auth from PAM
|
|
pamd:
|
|
name: 'sshd'
|
|
type: 'auth'
|
|
control: 'substack'
|
|
module_path: 'password-auth'
|
|
state: absent
|
|
when: ansible_distribution == 'RedHat' or ansible_distribution == 'Oracle Linux' or ansible_distribution == 'Amazon'
|
|
|
|
- name: Remove password auth from PAM
|
|
replace:
|
|
dest: '/etc/pam.d/sshd'
|
|
regexp: '^@include common-auth'
|
|
replace: '#@include common-auth'
|
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|